[lxc-devel] [lxd/master] lxc/remote: Use candid if supported

stgraber on Github lxc-bot at linuxcontainers.org
Thu Feb 28 10:12:21 UTC 2019


From 5ad177307d18f9b142156c3cbc89c86b6ebe85b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 28 Feb 2019 11:09:16 +0100
Subject: [PATCH] lxc/remote: Use candid if supported
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxc/remote.go | 41 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 5 deletions(-)

diff --git a/lxc/remote.go b/lxc/remote.go
index 6bc6417103..f1c02b5409 100644
--- a/lxc/remote.go
+++ b/lxc/remote.go
@@ -130,10 +130,6 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
 		c.flagProtocol = "lxd"
 	}
 
-	if c.flagAuthType == "" {
-		c.flagAuthType = "tls"
-	}
-
 	// Initialize the remotes list if needed
 	if conf.Remotes == nil {
 		conf.Remotes = map[string]config.Remote{}
@@ -211,7 +207,7 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
 	// Finally, actually add the remote, almost...  If the remote is a private
 	// HTTPS server then we need to ensure we have a client certificate before
 	// adding the remote server.
-	if rScheme != "unix" && !c.flagPublic && c.flagAuthType == "tls" {
+	if rScheme != "unix" && !c.flagPublic && (c.flagAuthType == "tls" || c.flagAuthType == "") {
 		if !conf.HasClientCertificate() {
 			fmt.Fprintf(os.Stderr, i18n.G("Generating a client certificate. This may take a minute...")+"\n")
 			err = conf.GenerateClientCertificate()
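Review bot: The widened condition on the `rScheme != "unix"` line now calls `conf.GenerateClientCertificate()` whenever the auth type is left empty, including for remotes that a later hunk of this patch switches to candid, while the comment above still describes only the private HTTPS case. If that is deliberate because the TLS fallback needs a certificate before the server's methods are known, the comment should say so, for example `// An empty auth type may still resolve to "tls" further down, so make sure a client certificate exists first.` The body of this `if` continues outside the hunk.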
@@ -236,6 +232,9 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
 			return err
 		}
 
+		remote := conf.Remotes[server]
+		remote.AuthType = "tls"
+		conf.Remotes[server] = remote
 		return conf.SaveConfig(c.global.confPath)
 	}
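Review bot: The added lines write the literal `"tls"` into the stored remote whatever `c.flagAuthType` holds, so an explicitly requested auth type would be silently replaced in the saved configuration on this return path. The condition guarding this path is outside the hunk, so this may be a branch where the type is irrelevant; in that case a short comment should say why. Otherwise default only when nothing was set: `if remote.AuthType == "" { remote.AuthType = "tls" }`.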
 
@@ -309,6 +308,38 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	// If not specified, default authentication to Candid
+	if c.flagAuthType == "" {
+		if !srv.Public && shared.StringInSlice("candid", srv.AuthMethods) {
+			c.flagAuthType = "candid"
+
+			// Update the remote configuration
+			remote := conf.Remotes[server]
+			remote.AuthType = c.flagAuthType
+			conf.Remotes[server] = remote
+
+			// Re-setup the client
+			d, err = conf.GetContainerServer(server)
+			if err != nil {
+				return err
+			}
+
+			d.(lxd.ContainerServer).RequireAuthenticated(false)
+
+			srv, _, err = d.(lxd.ContainerServer).GetServer()
+			if err != nil {
+				return err
+			}
+		} else {
+			c.flagAuthType = "tls"
+
+			// Update the remote configuration
+			remote := conf.Remotes[server]
+			remote.AuthType = c.flagAuthType
+			conf.Remotes[server] = remote
+		}
+	}
+
 	if !srv.Public && !shared.StringInSlice(c.flagAuthType, srv.AuthMethods) {
 		return fmt.Errorf(i18n.G("Authentication type '%s' not supported by server"), c.flagAuthType)
 	}
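Review bot: When no auth type is given, the block starting at `if c.flagAuthType == ""` lets the `srv.AuthMethods` list returned by the remote decide how this client authenticates from then on, and it stores that choice without telling the user. Whether the server's identity has already been confirmed at this point is not visible in the hunk, so it is worth checking that this code runs only after the certificate has been accepted, and printing the selected type to stderr. The leading comment also says the default is Candid, although the code falls back to `"tls"` when the server is public or does not list candid, and the three-line config update is duplicated in both branches. The fence below restructures the block along those lines; `Run` continues outside the hunk.

```go
	// If not specified, prefer Candid when the server advertises it and
	// fall back to TLS otherwise.
	if c.flagAuthType == "" {
		useCandid := !srv.Public && shared.StringInSlice("candid", srv.AuthMethods)
		c.flagAuthType = "tls"
		if useCandid {
			c.flagAuthType = "candid"
		}

		// Record the selected type once, for both outcomes
		remote := conf.Remotes[server]
		remote.AuthType = c.flagAuthType
		conf.Remotes[server] = remote

		// Make the server-driven choice visible to the user
		fmt.Fprintf(os.Stderr, i18n.G("Using authentication type '%s'")+"\n", c.flagAuthType)

		if useCandid {
			// … unchanged: re-setup the client with GetContainerServer and re-fetch srv …
		}
	}
```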

